GLSA-202409-26 : IcedTea: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202409-26 IcedTea: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...
IcedTea: Multiple Vulnerabilities
Background IcedTea’s aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Description Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers...
Apache Log4j: Multiple Vulnerabilities
Background Log4j is a Java logging framework that supports various use cases with a rich set of components, a separate API, and a performance-optimized implementation. Description Multiple vulnerabilities have been discovered in Apache Log4j. Please review the CVE identifiers referenced below for...
Cherokee: Multiple vulnerabilities
Background Cherokee is an extra-light web server. Description Multiple vulnerabilities have been discovered in Cherokee. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this...
PyCrypto: Weak key generation
Background PyCrypto is the Python Cryptography Toolkit. Description It was discovered that PyCrypto incorrectly generated ElGamal key parameters. Impact Attackers may be able to obtain sensitive information by reading ciphertext data. Workaround There is no known workaround at this time. Resoluti...
Thin: Privilege escalation
Background Thin is a small and fast Ruby web server. Description It was discovered that Gentoo’s Thin ebuild does not properly handle its temporary runtime directories. This only affects OpenRC systems, as the flaw was exploitable via the init script. Impact A local attacker could cause denial of...
GLSA-202007-31 : Icinga: Root privilege escalation
The remote host is affected by the vulnerability described in GLSA-202007-31 Icinga: Root privilege escalation It was discovered that Icinga’s installed files have insecure permissions, possibly allowing root privilege escalation. Impact : A local attacker could escalate privileges to root...
Icinga: Root privilege escalation
Background Icinga is an open source computer system and network monitoring application. It was originally created as a fork of the Nagios system monitoring application in 2009. Description It was discovered that Icinga’s installed files have insecure permissions, possibly allowing root privilege...
ssvnc: Multiple vulnerabilities
Background The Enhanced TightVNC Viewer, SSVNC, adds encryption security to VNC connections. Description Multiple vulnerabilities have been discovered in ssvnc. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
GLSA-202003-01 : Groovy: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-202003-01 Groovy: Arbitrary code execution It was discovered that there was a vulnerability within the Java serialization/deserialization process. Impact : An attacker, by crafting a special serialized object, could execute...
GLSA-201908-03 : JasPer: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201908-03 JasPer: Multiple vulnerabilities Multiple vulnerabilities have been discovered in JasPer. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details...
CouchDB: Multiple vulnerabilities
Background Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database. Description Multiple vulnerabilities have been discovered in CouchDB. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code or...
PHProjekt: Multiple vulnerabilities
Background PHProjekt is an application suite that supports communication and management of teams and companies. Description Multiple vulnerabilities have been discovered in PHProjekt due to embedded Zend Framework. Please review the GLSA identifiers referenced below for details. Impact Remote...
hesiod: Root privilege escalation
Background DNS functionality to access a DB of information that changes infrequently. Description Multiple vulnerabilities have been discovered in hesiod that have remained unaddressed. Please review the referenced CVE identifiers for details. Impact A remote or local attacker may be able to...
Zend Framework: Multiple vulnerabilities
Background Zend Framework is a high quality and open source framework for developing Web Applications. Description Multiple vulnerabilities have been discovered in Zend Framework that have remained unaddressed. Please review the referenced CVE identifiers for details. Impact Remote attackers could...
JabberD 2.x: Multiple vulnerabilities
Background JabberD 2.x is an open source Jabber server written in C. Description Multiple vulnerabilities have been discovered in Gentoo’s JabberD 2.x ebuild. Please review the referenced CVE identifiers for details. Impact An attacker could possibly escalate privileges by owning system binaries ...
Newsbeuter: User-assisted execution of arbitrary code
Background Newsbeuter is an RSS/Atom feed reader for the text console. Description Newsbeuter does not properly escape shell meta-characters in an RSS item with a media enclosure in the podcast playback function of Podbeuter. Impact A remote attacker, by enticing a user to open a feed with a...
eGroupWare: Remote code execution
Background eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description It was found that eGroupWare contains multiple code injection vulnerabilities in multiple parameters and routes because of improper input sanitization. Impact A remo...
AutoTrace: Multiple vulnerabilities
Background AutoTrace converts bitmap to vector graphics. Description Heap-based buffer overflows have been discovered in the pstoeditsuffixtableinit and pnmloadrawpbm functions of AutoTrace. Impact Remote attackers, by enticing a user to process a crafted bmp image file, could cause a Denial of...
CyaSSL: Multiple vulnerabilities
Background CyaSSL is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. Description Multiple vulnerabilities have been discovered in CyaSSL. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly execute arbitrary code...